How to make such kind of requests for kibana?
where field does not contain substring
It is easy to create filters like field: substring. Neither not "substring" or field: not(substring) or field: not(*substring*) work
Asked
Active
Viewed 5.9k times
57
gayavat
- 18,910
- 11
- 45
- 55
2 Answers
70
To add to @gayavat's answer (which has put me on the right track), here is a real-life example:
NOT message:(view.html)
This is assuming I've got a filed "message", which is standard for Java logs. Or, you can combine it with other criteria:
pension AND NOT message:(view.html)
That will search for all occurrences of "pension", excluding those appearing together with the "view.html"
slm
- 15,396
- 12
- 109
- 124
Nestor Milyaev
- 5,845
- 2
- 35
- 51
20
-field: "tracker" works! Unfortunately, I did not find it in docs but only here http://logs101.com/how-to-overcome-the-missing-editable-filters-feature-in-kibana-4/
gayavat
- 18,910
- 11
- 45
- 55
-
5For what it's worth, that information can be found in the official docs [here](https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html#_boolean_operators) – Val Mar 09 '16 at 12:24